CVE-2013-4939: XSS via .swf files
In the vulnerable versions, the uploader.swf and io.swf utilities contain a vulnerability allowing cross-site scripting through the .swf files used in these components. Through a URL that accesses these files, an attacker can inject script in the context of these files, potentially exposing cookies or other sensitive information. The vulnerability resurfaced in v0.10.2, but only with io.swf.